@darraghor/nest-backend-libs 2.21.5 → 2.23.0

package/dist/authz/ApiKeyAuthGuard.d.ts

@@ -0,0 +1,5 @@
+declare const ApiKeyAuthGuard_base: import("@nestjs/passport").Type<import("@nestjs/passport").IAuthGuard>;
+export declare class ApiKeyAuthGuard extends ApiKeyAuthGuard_base {
+    constructor();
+}
+export {};

package/dist/authz/ApiKeyAuthGuard.js

@@ -0,0 +1,27 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApiKeyAuthGuard = void 0;
+const common_1 = require("@nestjs/common");
+const passport_1 = require("@nestjs/passport");
+let ApiKeyAuthGuard = class ApiKeyAuthGuard extends (0, passport_1.AuthGuard)("headerapikey") {
+    constructor() {
+        super();
+    }
+};
+ApiKeyAuthGuard = __decorate([
+    (0, common_1.Injectable)()
+    // eslint-disable-next-line @darraghor/nestjs-typed/injectable-should-be-provided
+    ,
+    __metadata("design:paramtypes", [])
+], ApiKeyAuthGuard);
+exports.ApiKeyAuthGuard = ApiKeyAuthGuard;
+//# sourceMappingURL=ApiKeyAuthGuard.js.map

package/dist/authz/ApiKeyAuthGuard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ApiKeyAuthGuard.js","sourceRoot":"","sources":["../../src/authz/ApiKeyAuthGuard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA0C;AAC1C,+CAA2C;AAIpC,IAAM,eAAe,GAArB,MAAM,eAAgB,SAAQ,IAAA,oBAAS,EAAC,cAAc,CAAC;IAC1D;QACI,KAAK,EAAE,CAAC;IACZ,CAAC;CACJ,CAAA;AAJY,eAAe;IAF3B,IAAA,mBAAU,GAAE;IACb,iFAAiF;;;GACpE,eAAe,CAI3B;AAJY,0CAAe"}

package/dist/authz/RequestWithUser.d.ts

@@ -1,8 +1,8 @@
-import { Person } from "../person-internal/entities/person.entity";
+import { User } from "../user-internal/entities/user.entity";
 import { Request } from "express";
 export interface RequestWithUser extends Request {
-    user: RequestPerson;
+    user: RequestUser;
 }
-export type RequestPerson = Pick<Person, Exclude<keyof Person, "nullChecks">> & {
+export type RequestUser = Pick<User, Exclude<keyof User, "nullChecks">> & {
     permissions: string[];
 };

package/dist/authz/UserValidation.service.d.ts

@@ -1,13 +1,18 @@
 import { Repository } from "typeorm";
 import { AuthZClientService } from "../authzclient/authz.service";
 import { UserProfile } from "../authzclient/UserProfile.dto";
-import { Person } from "../person-internal";
+import { InvitationService } from "../invitations";
+import { User } from "../user-internal";
 import { AccessToken } from "./AccessToken";
 export declare class UserValidationService {
-    private repository;
+    private userRepository;
     private authzClient;
-    constructor(repository: Repository<Person>, authzClient: AuthZClientService);
-    getAuth0User(payload: AccessToken, rawAccessToken: string): Promise<UserProfile | undefined>;
-    validateUser(payload: AccessToken, rawAccessToken: string): Promise<Person | undefined>;
-    updatePersonFromAuth0(person: Person, auth0User: UserProfile): Promise<Person>;
+    private invitationService;
+    constructor(userRepository: Repository<User>, authzClient: AuthZClientService, invitationService: InvitationService);
+    getAuth0User(rawAccessToken: string): Promise<UserProfile | undefined>;
+    validateUserApiKey(apiKey: string): Promise<User | undefined>;
+    validateUser(payload: AccessToken, rawAccessToken: string, invitationId?: string): Promise<User | undefined>;
+    handleInvitation(rawAccessToken: string, invitationCode: string): Promise<User>;
+    handleNewIndependentUser(foundUser: User | null, rawAccessToken: string): Promise<User>;
+    updateUserFromAuth0(user: User, auth0User: UserProfile): Promise<User>;
 }

package/dist/authz/UserValidation.service.js

@@ -18,82 +18,133 @@ const common_1 = require("@nestjs/common");
 const typeorm_1 = require("@nestjs/typeorm");
 const typeorm_2 = require("typeorm");
 const authz_service_1 = require("../authzclient/authz.service");
+const invitations_1 = require("../invitations");
 const organisation_membership_entity_1 = require("../organisation-memberships/entities/organisation-membership.entity");
 const RolesEnum_1 = require("../organisation/dto/RolesEnum");
 const member_role_entity_1 = require("../organisation/entities/member-role.entity");
 const organisation_entity_1 = require("../organisation/entities/organisation.entity");
-const person_internal_1 = require("../person-internal");
+const user_internal_1 = require("../user-internal");
 let UserValidationService = class UserValidationService {
-    repository;
+    userRepository;
     authzClient;
-    constructor(repository, authzClient) {
-        this.repository = repository;
+    invitationService;
+    constructor(userRepository, authzClient, invitationService) {
+        this.userRepository = userRepository;
         this.authzClient = authzClient;
+        this.invitationService = invitationService;
     }
-    async getAuth0User(payload, rawAccessToken) {
+    async getAuth0User(rawAccessToken) {
         return await this.authzClient.getUser(rawAccessToken);
     }
-    async validateUser(payload, rawAccessToken) {
-        // try to find the person and their memberships
-        const foundPerson = await this.repository.findOne({
+    async validateUserApiKey(apiKey) {
+        const result = await this.userRepository.findOne({
+            where: { apiKeys: { apiKey: apiKey } },
+            relations: {
+                memberships: true,
+            },
+        });
+        // convert from null
+        if (!result)
+            return undefined;
+        return result;
+    }
+    async validateUser(payload, rawAccessToken, invitationId) {
+        if (invitationId) {
+            // even though there is commonality here it's easier to treat the invitation path as completely separate
+            return this.handleInvitation(rawAccessToken, invitationId);
+        }
+        // try to find the user and their memberships
+        const foundUser = await this.userRepository.findOne({
             where: { auth0UserId: payload.sub },
             relations: {
                 memberships: true,
             },
         });
-        // if person already configured then get out of here
-        if (foundPerson !== undefined &&
-            foundPerson !== null &&
-            foundPerson.memberships.length > 0) {
-            return foundPerson;
+        // if user is
+        // - found
+        // - already configured
+        // - not trying to join an organisation
+        // then just return the user
+        if (foundUser !== undefined &&
+            foundUser !== null &&
+            foundUser.memberships.length > 0) {
+            return foundUser;
+        }
+        // otherwise we need to add a membership to a user
+        return this.handleNewIndependentUser(foundUser, rawAccessToken);
+    }
+    async handleInvitation(rawAccessToken, invitationCode) {
+        const invitation = await this.invitationService.getOneActiveInvitation(invitationCode);
+        if (!invitation) {
+            throw new common_1.NotFoundException("Valid invitation not found");
         }
-        // if no person is found locally then get the user's profile details from auth0
-        const auth0User = await this.getAuth0User(payload, rawAccessToken);
+        // get the user's profile details from auth0
+        const auth0User = await this.getAuth0User(rawAccessToken);
         if (auth0User === undefined) {
-            return;
+            throw new Error("Error getting user profile from Auth0");
         }
-        // create a new organisation
+        if (auth0User.email_verified === false) {
+            throw new Error("Email not verified");
+        }
+        // the user's verified email address should match the invitation email address
+        if (auth0User.email.toLowerCase() !==
+            invitation.emailAddress.toLowerCase()) {
+            throw new Error("Verified email address does not match invitation email address");
+        }
+        await this.invitationService.acceptInvitation(invitation.id);
+        // eslint-disable-next-line sonarjs/prefer-immediate-return
+        const savedUser = await this.updateUserFromAuth0(invitation.organisationMembership.user, auth0User);
+        return savedUser;
+    }
+    async handleNewIndependentUser(foundUser, rawAccessToken) {
+        // get the user's profile details from auth0
+        const auth0User = await this.getAuth0User(rawAccessToken);
+        if (auth0User === undefined) {
+            throw new Error("Error getting user profile from Auth0");
+        }
+        if (auth0User.email_verified === false) {
+            throw new Error("Email not verified");
+        }
+        // create role
+        const newRole = new member_role_entity_1.MembershipRole();
+        newRole.name = RolesEnum_1.Roles.owner;
+        // create a brand new organisation
         const unsavedOrganisation = new organisation_entity_1.Organisation();
         unsavedOrganisation.name = auth0User.given_name
             ? `${auth0User.given_name}'s Organisation`
             : `My Organisation`;
-        // create roles
-        const ownerRole = new member_role_entity_1.MembershipRole();
-        ownerRole.name = RolesEnum_1.Roles.owner;
         // create a new membership
         const membership = new organisation_membership_entity_1.OrganisationMembership();
         membership.organisation = unsavedOrganisation;
-        membership.roles = [ownerRole];
-        if (foundPerson !== undefined && foundPerson !== null) {
-            // if person already exists then add the membership to the existing person
-            foundPerson.memberships = [membership];
-            return this.repository.save(foundPerson);
-        }
-        const person = this.repository.create();
-        person.memberships = [membership];
+        membership.roles = [newRole];
+        // use the found user or create a new one
+        const user = foundUser || this.userRepository.create();
+        // assign the membership
+        user.memberships = [membership];
         // eslint-disable-next-line sonarjs/prefer-immediate-return
-        const updatedPerson = this.updatePersonFromAuth0(person, auth0User);
-        return updatedPerson;
+        const updatedUser = this.updateUserFromAuth0(user, auth0User);
+        return updatedUser;
     }
-    async updatePersonFromAuth0(person, auth0User) {
-        person.auth0UserId = auth0User.sub;
-        person.blocked = false;
-        person.email = auth0User.email;
-        person.emailVerified = auth0User.email_verified;
-        person.familyName = auth0User.family_name;
-        person.givenName = auth0User.given_name;
-        person.name = auth0User.name;
-        person.picture = auth0User.picture;
-        person.username = auth0User.preferred_username;
-        // save person
-        return this.repository.save(person);
+    async updateUserFromAuth0(user, auth0User) {
+        user.auth0UserId = auth0User.sub;
+        user.blocked = false;
+        user.email = auth0User.email;
+        user.emailVerified = auth0User.email_verified;
+        user.familyName = auth0User.family_name;
+        user.givenName = auth0User.given_name;
+        user.name = auth0User.name;
+        user.picture = auth0User.picture;
+        user.username = auth0User.preferred_username;
+        // save user
+        return this.userRepository.save(user);
     }
 };
 UserValidationService = __decorate([
     (0, common_1.Injectable)(),
-    __param(0, (0, typeorm_1.InjectRepository)(person_internal_1.Person)),
+    __param(0, (0, typeorm_1.InjectRepository)(user_internal_1.User)),
     __metadata("design:paramtypes", [typeorm_2.Repository,
-        authz_service_1.AuthZClientService])
+        authz_service_1.AuthZClientService,
+        invitations_1.InvitationService])
 ], UserValidationService);
 exports.UserValidationService = UserValidationService;
 //# sourceMappingURL=UserValidation.service.js.map

package/dist/authz/UserValidation.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"UserValidation.service.js","sourceRoot":"","sources":["../../src/authz/UserValidation.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAA6D;AAC7D,2CAA0C;AAC1C,6CAAiD;AACjD,qCAAmC;AACnC,gEAAgE;AAEhE,wHAA2G;AAC3G,6DAAoD;AACpD,oFAA2E;AAC3E,sFAA0E;AAC1E,wDAA0C;AAKnC,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IAGlB;IACA;IAHZ,YAEY,UAA8B,EAC9B,WAA+B;QAD/B,eAAU,GAAV,UAAU,CAAoB;QAC9B,gBAAW,GAAX,WAAW,CAAoB;IACxC,CAAC;IAEJ,KAAK,CAAC,YAAY,CACd,OAAoB,EACpB,cAAsB;QAEtB,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAC1D,CAAC;IAED,KAAK,CAAC,YAAY,CACd,OAAoB,EACpB,cAAsB;QAEtB,+CAA+C;QAC/C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;YAC9C,KAAK,EAAE,EAAC,WAAW,EAAE,OAAO,CAAC,GAAG,EAAC;YACjC,SAAS,EAAE;gBACP,WAAW,EAAE,IAAI;aACpB;SACJ,CAAC,CAAC;QAEH,oDAAoD;QACpD,IACI,WAAW,KAAK,SAAS;YACzB,WAAW,KAAK,IAAI;YACpB,WAAW,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EACpC;YACE,OAAO,WAAW,CAAC;SACtB;QAED,+EAA+E;QAC/E,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QACnE,IAAI,SAAS,KAAK,SAAS,EAAE;YACzB,OAAO;SACV;QAED,4BAA4B;QAC5B,MAAM,mBAAmB,GAAG,IAAI,kCAAY,EAAE,CAAC;QAC/C,mBAAmB,CAAC,IAAI,GAAG,SAAS,CAAC,UAAU;YAC3C,CAAC,CAAC,GAAG,SAAS,CAAC,UAAU,iBAAiB;YAC1C,CAAC,CAAC,iBAAiB,CAAC;QAExB,eAAe;QACf,MAAM,SAAS,GAAG,IAAI,mCAAc,EAAE,CAAC;QACvC,SAAS,CAAC,IAAI,GAAG,iBAAK,CAAC,KAAK,CAAC;QAE7B,0BAA0B;QAC1B,MAAM,UAAU,GAAG,IAAI,uDAAsB,EAAE,CAAC;QAChD,UAAU,CAAC,YAAY,GAAG,mBAAmB,CAAC;QAC9C,UAAU,CAAC,KAAK,GAAG,CAAC,SAAS,CAAC,CAAC;QAE/B,IAAI,WAAW,KAAK,SAAS,IAAI,WAAW,KAAK,IAAI,EAAE;YACnD,0EAA0E;YAC1E,WAAW,CAAC,WAAW,GAAG,CAAC,UAAU,CAAC,CAAC;YACvC,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;SAC5C;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;QACxC,MAAM,CAAC,WAAW,GAAG,CAAC,UAAU,CAAC,CAAC;QAClC,2DAA2D;QAC3D,MAAM,aAAa,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACpE,OAAO,aAAa,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,MAAc,EAAE,SAAsB;QAC9D,MAAM,CAAC,WAAW,GAAG,SAAS,CAAC,GAAG,CAAC;QACnC,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC;QACvB,MAAM,CAAC,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC;QAC/B,MAAM,CAAC,aAAa,GAAG,SAAS,CAAC,cAAc,CAAC;QAChD,MAAM,CAAC,UAAU,GAAG,SAAS,CAAC,WAAW,CAAC;QAC1C,MAAM,CAAC,SAAS,GAAG,SAAS,CAAC,UAAU,CAAC;QACxC,MAAM,CAAC,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC;QAC7B,MAAM,CAAC,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC;QACnC,MAAM,CAAC,QAAQ,GAAG,SAAS,CAAC,kBAAkB,CAAC;QAE/C,cAAc;QACd,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC;CACJ,CAAA;AAnFY,qBAAqB;IADjC,IAAA,mBAAU,GAAE;IAGJ,WAAA,IAAA,0BAAgB,EAAC,wBAAM,CAAC,CAAA;qCACL,oBAAU;QACT,kCAAkB;GAJlC,qBAAqB,CAmFjC;AAnFY,sDAAqB"}
+{"version":3,"file":"UserValidation.service.js","sourceRoot":"","sources":["../../src/authz/UserValidation.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6DAA6D;AAC7D,2CAA6D;AAC7D,6CAAiD;AACjD,qCAAmC;AACnC,gEAAgE;AAEhE,gDAAiD;AACjD,wHAA2G;AAC3G,6DAAoD;AACpD,oFAA2E;AAC3E,sFAA0E;AAC1E,oDAAsC;AAI/B,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IAGlB;IACA;IACA;IAJZ,YAEY,cAAgC,EAChC,WAA+B,EAC/B,iBAAoC;QAFpC,mBAAc,GAAd,cAAc,CAAkB;QAChC,gBAAW,GAAX,WAAW,CAAoB;QAC/B,sBAAiB,GAAjB,iBAAiB,CAAmB;IAC7C,CAAC;IAEJ,KAAK,CAAC,YAAY,CACd,cAAsB;QAEtB,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAC1D,CAAC;IACD,KAAK,CAAC,kBAAkB,CAAC,MAAc;QACnC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YAC7C,KAAK,EAAE,EAAC,OAAO,EAAE,EAAC,MAAM,EAAE,MAAM,EAAC,EAAC;YAClC,SAAS,EAAE;gBACP,WAAW,EAAE,IAAI;aACpB;SACJ,CAAC,CAAC;QACH,oBAAoB;QACpB,IAAI,CAAC,MAAM;YAAE,OAAO,SAAS,CAAC;QAE9B,OAAO,MAAM,CAAC;IAClB,CAAC;IACD,KAAK,CAAC,YAAY,CACd,OAAoB,EACpB,cAAsB,EACtB,YAAqB;QAErB,IAAI,YAAY,EAAE;YACd,wGAAwG;YACxG,OAAO,IAAI,CAAC,gBAAgB,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;SAC9D;QACD,6CAA6C;QAC7C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;YAChD,KAAK,EAAE,EAAC,WAAW,EAAE,OAAO,CAAC,GAAG,EAAC;YACjC,SAAS,EAAE;gBACP,WAAW,EAAE,IAAI;aACpB;SACJ,CAAC,CAAC;QAEH,aAAa;QACb,UAAU;QACV,uBAAuB;QACvB,uCAAuC;QACvC,4BAA4B;QAC5B,IACI,SAAS,KAAK,SAAS;YACvB,SAAS,KAAK,IAAI;YAClB,SAAS,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAClC;YACE,OAAO,SAAS,CAAC;SACpB;QACD,kDAAkD;QAClD,OAAO,IAAI,CAAC,wBAAwB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,gBAAgB,CAClB,cAAsB,EACtB,cAAsB;QAEtB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,sBAAsB,CAClE,cAAc,CACjB,CAAC;QACF,IAAI,CAAC,UAAU,EAAE;YACb,MAAM,IAAI,0BAAiB,CAAC,4BAA4B,CAAC,CAAC;SAC7D;QAED,4CAA4C;QAC5C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC;QAC1D,IAAI,SAAS,KAAK,SAAS,EAAE;YACzB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;SAC5D;QAED,IAAI,SAAS,CAAC,cAAc,KAAK,KAAK,EAAE;YACpC,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;SACzC;QAED,8EAA8E;QAC9E,IACI,SAAS,CAAC,KAAK,CAAC,WAAW,EAAE;YAC7B,UAAU,CAAC,YAAY,CAAC,WAAW,EAAE,EACvC;YACE,MAAM,IAAI,KAAK,CACX,gEAAgE,CACnE,CAAC;SACL;QAED,MAAM,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAE7D,2DAA2D;QAC3D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAC5C,UAAU,CAAC,sBAAsB,CAAC,IAAI,EACtC,SAAS,CACZ,CAAC;QACF,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,wBAAwB,CAC1B,SAAsB,EACtB,cAAsB;QAEtB,4CAA4C;QAC5C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC;QAC1D,IAAI,SAAS,KAAK,SAAS,EAAE;YACzB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;SAC5D;QAED,IAAI,SAAS,CAAC,cAAc,KAAK,KAAK,EAAE;YACpC,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;SACzC;QAED,cAAc;QACd,MAAM,OAAO,GAAG,IAAI,mCAAc,EAAE,CAAC;QACrC,OAAO,CAAC,IAAI,GAAG,iBAAK,CAAC,KAAK,CAAC;QAE3B,kCAAkC;QAClC,MAAM,mBAAmB,GAAG,IAAI,kCAAY,EAAE,CAAC;QAC/C,mBAAmB,CAAC,IAAI,GAAG,SAAS,CAAC,UAAU;YAC3C,CAAC,CAAC,GAAG,SAAS,CAAC,UAAU,iBAAiB;YAC1C,CAAC,CAAC,iBAAiB,CAAC;QAExB,0BAA0B;QAC1B,MAAM,UAAU,GAAG,IAAI,uDAAsB,EAAE,CAAC;QAChD,UAAU,CAAC,YAAY,GAAG,mBAAmB,CAAC;QAC9C,UAAU,CAAC,KAAK,GAAG,CAAC,OAAO,CAAC,CAAC;QAE7B,yCAAyC;QACzC,MAAM,IAAI,GAAG,SAAS,IAAI,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC;QAEvD,wBAAwB;QACxB,IAAI,CAAC,WAAW,GAAG,CAAC,UAAU,CAAC,CAAC;QAChC,2DAA2D;QAC3D,MAAM,WAAW,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAC9D,OAAO,WAAW,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,IAAU,EAAE,SAAsB;QACxD,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC,GAAG,CAAC;QACjC,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC,cAAc,CAAC;QAC9C,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC,WAAW,CAAC;QACxC,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC,UAAU,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC;QACjC,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC,kBAAkB,CAAC;QAE7C,YAAY;QACZ,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1C,CAAC;CACJ,CAAA;AAxJY,qBAAqB;IADjC,IAAA,mBAAU,GAAE;IAGJ,WAAA,IAAA,0BAAgB,EAAC,oBAAI,CAAC,CAAA;qCACC,oBAAU;QACb,kCAAkB;QACZ,+BAAiB;GALvC,qBAAqB,CAwJjC;AAxJY,sDAAqB"}

package/dist/authz/apikeystrategy.d.ts

@@ -0,0 +1,12 @@
+import { HeaderAPIKeyStrategy } from "passport-headerapikey";
+import { UserValidationService } from "./UserValidation.service";
+import { User } from "../user-internal";
+declare const ApiKeyStrategy_base: new (...args: any[]) => HeaderAPIKeyStrategy;
+export declare class ApiKeyStrategy extends ApiKeyStrategy_base {
+    private readonly userValidationService;
+    constructor(userValidationService: UserValidationService);
+    validate(apiKey: string, done: (error: Error | undefined, user?: User, info?: {
+        [key: string]: any;
+    }) => boolean): Promise<void>;
+}
+export {};

package/dist/authz/apikeystrategy.js

@@ -0,0 +1,43 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApiKeyStrategy = void 0;
+const passport_headerapikey_1 = require("passport-headerapikey");
+const passport_1 = require("@nestjs/passport");
+const UserValidation_service_1 = require("./UserValidation.service");
+const common_1 = require("@nestjs/common");
+let ApiKeyStrategy = class ApiKeyStrategy extends (0, passport_1.PassportStrategy)(passport_headerapikey_1.HeaderAPIKeyStrategy) {
+    userValidationService;
+    constructor(userValidationService) {
+        super({ header: "Authorization", prefix: "Api-Key " }, true, async (apiKey, done) => {
+            return await this.validate(apiKey, done);
+        });
+        this.userValidationService = userValidationService;
+    }
+    async validate(apiKey, done) {
+        try {
+            const foundUser = await this.userValidationService.validateUserApiKey(apiKey);
+            if (!foundUser) {
+                done(new Error("Invalid API key"));
+            }
+            done(undefined, foundUser);
+        }
+        catch (error) {
+            done(error);
+        }
+    }
+};
+ApiKeyStrategy = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [UserValidation_service_1.UserValidationService])
+], ApiKeyStrategy);
+exports.ApiKeyStrategy = ApiKeyStrategy;
+//# sourceMappingURL=apikeystrategy.js.map

package/dist/authz/apikeystrategy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"apikeystrategy.js","sourceRoot":"","sources":["../../src/authz/apikeystrategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,iEAA2D;AAC3D,+CAAkD;AAClD,qEAA+D;AAC/D,2CAA0C;AAInC,IAAM,cAAc,GAApB,MAAM,cAAe,SAAQ,IAAA,2BAAgB,EAAC,4CAAoB,CAAC;IACzC;IAA7B,YAA6B,qBAA4C;QACrE,KAAK,CACD,EAAC,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAC,EAC7C,IAAI,EACJ,KAAK,EACD,MAAc,EACd,IAIY,EACd,EAAE;YACA,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC7C,CAAC,CACJ,CAAC;QAduB,0BAAqB,GAArB,qBAAqB,CAAuB;IAezE,CAAC;IAED,KAAK,CAAC,QAAQ,CACV,MAAc,EACd,IAIY;QAEZ,IAAI;YACA,MAAM,SAAS,GACX,MAAM,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAEhE,IAAI,CAAC,SAAS,EAAE;gBACZ,IAAI,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC;aACtC;YAED,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;SAC9B;QAAC,OAAO,KAAK,EAAE;YACZ,IAAI,CAAC,KAAc,CAAC,CAAC;SACxB;IACL,CAAC;CACJ,CAAA;AAvCY,cAAc;IAD1B,IAAA,mBAAU,GAAE;qCAE2C,8CAAqB;GADhE,cAAc,CAuC1B;AAvCY,wCAAc"}

package/dist/authz/authz.module.js

@@ -18,8 +18,10 @@ const AuthConfigurationVariables_1 = __importDefault(require("./AuthConfiguratio
 const config_1 = require("@nestjs/config");
 const UserValidation_service_1 = require("./UserValidation.service");
 const typeorm_1 = require("@nestjs/typeorm");
-const person_entity_1 = require("../person-internal/entities/person.entity");
+const user_entity_1 = require("../user-internal/entities/user.entity");
 const authz_client_module_1 = require("../authzclient/authz-client.module");
+const apikeystrategy_1 = require("./apikeystrategy");
+const invitations_1 = require("../invitations");
 let AuthzModule = class AuthzModule {
 };
 AuthzModule = __decorate([
@@ -27,11 +29,18 @@ AuthzModule = __decorate([
     (0, common_1.Module)({
         imports: [
             config_1.ConfigModule.forFeature(AuthConfigurationVariables_1.default),
-            typeorm_1.TypeOrmModule.forFeature([person_entity_1.Person]),
+            typeorm_1.TypeOrmModule.forFeature([user_entity_1.User]),
             passport_1.PassportModule.register({ defaultStrategy: "jwt" }),
             authz_client_module_1.AuthzClientModule,
+            invitations_1.InvitationModule,
+        ],
+        providers: [
+            apikeystrategy_1.ApiKeyStrategy,
+            authzstrategy_1.JwtStrategy,
+            AuthConfigurationService_1.AuthConfigurationService,
+            UserValidation_service_1.UserValidationService,
+            apikeystrategy_1.ApiKeyStrategy,
         ],
-        providers: [authzstrategy_1.JwtStrategy, AuthConfigurationService_1.AuthConfigurationService, UserValidation_service_1.UserValidationService],
         exports: [passport_1.PassportModule, AuthConfigurationService_1.AuthConfigurationService],
     })
 ], AuthzModule);

package/dist/authz/authz.module.js.map

@@ -1 +1 @@
-{"version":3,"file":"authz.module.js","sourceRoot":"","sources":["../../src/authz/authz.module.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA8C;AAC9C,+CAAgD;AAChD,yEAAoE;AACpE,mDAA4C;AAC5C,8FAA2D;AAC3D,2CAA4C;AAC5C,qEAA+D;AAC/D,6CAA8C;AAC9C,6EAAiE;AACjE,4EAAqE;AAa9D,IAAM,WAAW,GAAjB,MAAM,WAAW;CAAG,CAAA;AAAd,WAAW;IAXvB,IAAA,eAAM,GAAE;IACR,IAAA,eAAM,EAAC;QACJ,OAAO,EAAE;YACL,qBAAY,CAAC,UAAU,CAAC,oCAAe,CAAC;YACxC,uBAAa,CAAC,UAAU,CAAC,CAAC,sBAAM,CAAC,CAAC;YAClC,yBAAc,CAAC,QAAQ,CAAC,EAAC,eAAe,EAAE,KAAK,EAAC,CAAC;YACjD,uCAAiB;SACpB;QACD,SAAS,EAAE,CAAC,2BAAW,EAAE,mDAAwB,EAAE,8CAAqB,CAAC;QACzE,OAAO,EAAE,CAAC,yBAAc,EAAE,mDAAwB,CAAC;KACtD,CAAC;GACW,WAAW,CAAG;AAAd,kCAAW"}
+{"version":3,"file":"authz.module.js","sourceRoot":"","sources":["../../src/authz/authz.module.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA8C;AAC9C,+CAAgD;AAChD,yEAAoE;AACpE,mDAA4C;AAC5C,8FAA2D;AAC3D,2CAA4C;AAC5C,qEAA+D;AAC/D,6CAA8C;AAC9C,uEAA2D;AAC3D,4EAAqE;AACrE,qDAAgD;AAChD,gDAAgD;AAoBzC,IAAM,WAAW,GAAjB,MAAM,WAAW;CAAG,CAAA;AAAd,WAAW;IAlBvB,IAAA,eAAM,GAAE;IACR,IAAA,eAAM,EAAC;QACJ,OAAO,EAAE;YACL,qBAAY,CAAC,UAAU,CAAC,oCAAe,CAAC;YACxC,uBAAa,CAAC,UAAU,CAAC,CAAC,kBAAI,CAAC,CAAC;YAChC,yBAAc,CAAC,QAAQ,CAAC,EAAC,eAAe,EAAE,KAAK,EAAC,CAAC;YACjD,uCAAiB;YACjB,8BAAgB;SACnB;QACD,SAAS,EAAE;YACP,+BAAc;YACd,2BAAW;YACX,mDAAwB;YACxB,8CAAqB;YACrB,+BAAc;SACjB;QACD,OAAO,EAAE,CAAC,yBAAc,EAAE,mDAAwB,CAAC;KACtD,CAAC;GACW,WAAW,CAAG;AAAd,kCAAW"}

package/dist/authz/authzstrategy.d.ts

@@ -2,13 +2,13 @@ import { Strategy } from "passport-jwt";
 import { AccessToken } from "./AccessToken";
 import { Request } from "express";
 import { AuthConfigurationService } from "./AuthConfigurationService";
-import { RequestPerson } from "./RequestWithUser";
+import { RequestUser } from "./RequestWithUser";
 import { UserValidationService } from "./UserValidation.service";
 declare const JwtStrategy_base: new (...args: any[]) => Strategy;
 export declare class JwtStrategy extends JwtStrategy_base {
     private readonly userValidationService;
     private readonly logger;
     constructor(userValidationService: UserValidationService, config: AuthConfigurationService);
-    validate(request: Request, payload: AccessToken): Promise<RequestPerson | undefined>;
+    validate(request: Request, payload: AccessToken): Promise<RequestUser | undefined>;
 }
 export {};

package/dist/authz/authzstrategy.js

@@ -43,10 +43,11 @@ let JwtStrategy = JwtStrategy_1 = class JwtStrategy extends (0, passport_1.Passp
             this.logger.error("Couldn't log the raw access token");
             return;
         }
-        const personResult = await this.userValidationService.validateUser(payload, rawAccessToken);
+        const invitationId = request.query.invitationId;
+        const userResult = await this.userValidationService.validateUser(payload, rawAccessToken, invitationId);
         const withPermissions = { permissions: payload.permissions || [] };
         // eslint-disable-next-line sonarjs/prefer-immediate-return
-        const rp = { ...personResult, ...withPermissions };
+        const rp = { ...userResult, ...withPermissions };
         return rp;
     }
 };

package/dist/authz/authzstrategy.js.map

@@ -1 +1 @@
-{"version":3,"file":"authzstrategy.js","sourceRoot":"","sources":["../../src/authz/authzstrategy.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,2CAAkD;AAClD,+CAAkD;AAClD,+CAAkD;AAClD,uCAA2C;AAG3C,yEAAoE;AAEpE,qEAA+D;AAGxD,IAAM,WAAW,mBAAjB,MAAM,WAAY,SAAQ,IAAA,2BAAgB,EAAC,uBAAQ,CAAC;IAGlC;IAFJ,MAAM,GAAG,IAAI,eAAM,CAAC,aAAW,CAAC,IAAI,CAAC,CAAC;IACvD,YACqB,qBAA4C,EAC7D,MAAgC;QAEhC,KAAK,CAAC;YACF,mBAAmB,EAAE,IAAA,4BAAiB,EAAC;gBACnC,KAAK,EAAE,IAAI;gBACX,SAAS,EAAE,IAAI;gBACf,qBAAqB,EAAE,CAAC;gBACxB,OAAO,EAAE,WAAW,MAAM,CAAC,WAAW,wBAAwB;aACjE,CAAC;YACF,iBAAiB,EAAE,IAAI;YACvB,iJAAiJ;YACjJ,cAAc,EAAE,yBAAU,CAAC,2BAA2B,EAAE;YACxD,QAAQ,EAAE,MAAM,CAAC,aAAa;YAC9B,MAAM,EAAE,WAAW,MAAM,CAAC,WAAW,GAAG;YACxC,UAAU,EAAE,CAAC,OAAO,CAAC;SACxB,CAAC,CAAC;QAhBc,0BAAqB,GAArB,qBAAqB,CAAuB;IAiBjE,CAAC;IAED,KAAK,CAAC,QAAQ,CACV,OAAgB,EAChB,OAAoB;QAEpB,MAAM,cAAc,GAChB,yBAAU,CAAC,2BAA2B,EAAE,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,cAAc,KAAK,SAAS,IAAI,cAAc,KAAK,IAAI,EAAE;YACzD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;YACvD,OAAO;SACV;QAED,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,YAAY,CAC9D,OAAO,EACP,cAAc,CACjB,CAAC;QAEF,MAAM,eAAe,GAAG,EAAC,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,EAAE,EAAC,CAAC;QACjE,2DAA2D;QAC3D,MAAM,EAAE,GAAG,EAAC,GAAG,YAAY,EAAE,GAAG,eAAe,EAAkB,CAAC;QAClE,OAAO,EAAE,CAAC;IACd,CAAC;CACJ,CAAA;AA3CY,WAAW;IADvB,IAAA,mBAAU,GAAE;qCAImC,8CAAqB;QACrD,mDAAwB;GAJ3B,WAAW,CA2CvB;AA3CY,kCAAW"}
+{"version":3,"file":"authzstrategy.js","sourceRoot":"","sources":["../../src/authz/authzstrategy.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,2CAAkD;AAClD,+CAAkD;AAClD,+CAAkD;AAClD,uCAA2C;AAG3C,yEAAoE;AAEpE,qEAA+D;AAGxD,IAAM,WAAW,mBAAjB,MAAM,WAAY,SAAQ,IAAA,2BAAgB,EAAC,uBAAQ,CAAC;IAGlC;IAFJ,MAAM,GAAG,IAAI,eAAM,CAAC,aAAW,CAAC,IAAI,CAAC,CAAC;IACvD,YACqB,qBAA4C,EAC7D,MAAgC;QAEhC,KAAK,CAAC;YACF,mBAAmB,EAAE,IAAA,4BAAiB,EAAC;gBACnC,KAAK,EAAE,IAAI;gBACX,SAAS,EAAE,IAAI;gBACf,qBAAqB,EAAE,CAAC;gBACxB,OAAO,EAAE,WAAW,MAAM,CAAC,WAAW,wBAAwB;aACjE,CAAC;YACF,iBAAiB,EAAE,IAAI;YACvB,iJAAiJ;YACjJ,cAAc,EAAE,yBAAU,CAAC,2BAA2B,EAAE;YACxD,QAAQ,EAAE,MAAM,CAAC,aAAa;YAC9B,MAAM,EAAE,WAAW,MAAM,CAAC,WAAW,GAAG;YACxC,UAAU,EAAE,CAAC,OAAO,CAAC;SACxB,CAAC,CAAC;QAhBc,0BAAqB,GAArB,qBAAqB,CAAuB;IAiBjE,CAAC;IAED,KAAK,CAAC,QAAQ,CACV,OAAgB,EAChB,OAAoB;QAEpB,MAAM,cAAc,GAChB,yBAAU,CAAC,2BAA2B,EAAE,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,cAAc,KAAK,SAAS,IAAI,cAAc,KAAK,IAAI,EAAE;YACzD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;YACvD,OAAO;SACV;QAED,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,YAAsB,CAAC;QAE1D,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,YAAY,CAC5D,OAAO,EACP,cAAc,EACd,YAAY,CACf,CAAC;QAEF,MAAM,eAAe,GAAG,EAAC,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,EAAE,EAAC,CAAC;QACjE,2DAA2D;QAC3D,MAAM,EAAE,GAAG,EAAC,GAAG,UAAU,EAAE,GAAG,eAAe,EAAgB,CAAC;QAC9D,OAAO,EAAE,CAAC;IACd,CAAC;CACJ,CAAA;AA9CY,WAAW;IADvB,IAAA,mBAAU,GAAE;qCAImC,8CAAqB;QACrD,mDAAwB;GAJ3B,WAAW,CA8CvB;AA9CY,kCAAW"}

package/dist/authz/index.d.ts

@@ -5,3 +5,6 @@ export { RequestWithUser } from "./RequestWithUser";
 export { ClaimsAuthorisationGuard } from "./ClaimsAuthorisationGuard";
 export { MandatoryUserClaims } from "./MandatoryUserClaims.decorator";
 export { SuperUserClaims } from "./SuperUserClaims";
+export { isOwnerOrThrow } from "./isOwnerOrThrow";
+export { ApiKeyAuthGuard } from "./ApiKeyAuthGuard";
+export { ApiKeyStrategy } from "./apikeystrategy";

package/dist/authz/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SuperUserClaims = exports.MandatoryUserClaims = exports.ClaimsAuthorisationGuard = exports.DefaultAuthGuard = exports.JwtStrategy = exports.AuthzModule = void 0;
+exports.ApiKeyStrategy = exports.ApiKeyAuthGuard = exports.isOwnerOrThrow = exports.SuperUserClaims = exports.MandatoryUserClaims = exports.ClaimsAuthorisationGuard = exports.DefaultAuthGuard = exports.JwtStrategy = exports.AuthzModule = void 0;
 var authz_module_1 = require("./authz.module");
 Object.defineProperty(exports, "AuthzModule", { enumerable: true, get: function () { return authz_module_1.AuthzModule; } });
 var authzstrategy_1 = require("./authzstrategy");
@@ -13,4 +13,10 @@ var MandatoryUserClaims_decorator_1 = require("./MandatoryUserClaims.decorator")
 Object.defineProperty(exports, "MandatoryUserClaims", { enumerable: true, get: function () { return MandatoryUserClaims_decorator_1.MandatoryUserClaims; } });
 var SuperUserClaims_1 = require("./SuperUserClaims");
 Object.defineProperty(exports, "SuperUserClaims", { enumerable: true, get: function () { return SuperUserClaims_1.SuperUserClaims; } });
+var isOwnerOrThrow_1 = require("./isOwnerOrThrow");
+Object.defineProperty(exports, "isOwnerOrThrow", { enumerable: true, get: function () { return isOwnerOrThrow_1.isOwnerOrThrow; } });
+var ApiKeyAuthGuard_1 = require("./ApiKeyAuthGuard");
+Object.defineProperty(exports, "ApiKeyAuthGuard", { enumerable: true, get: function () { return ApiKeyAuthGuard_1.ApiKeyAuthGuard; } });
+var apikeystrategy_1 = require("./apikeystrategy");
+Object.defineProperty(exports, "ApiKeyStrategy", { enumerable: true, get: function () { return apikeystrategy_1.ApiKeyStrategy; } });
 //# sourceMappingURL=index.js.map

package/dist/authz/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/authz/index.ts"],"names":[],"mappings":";;;AAAA,+CAA2C;AAAnC,2GAAA,WAAW,OAAA;AACnB,iDAA4C;AAApC,4GAAA,WAAW,OAAA;AACnB,uDAAoD;AAA5C,oHAAA,gBAAgB,OAAA;AAExB,uEAAoE;AAA5D,oIAAA,wBAAwB,OAAA;AAChC,iFAAoE;AAA5D,oIAAA,mBAAmB,OAAA;AAC3B,qDAAkD;AAA1C,kHAAA,eAAe,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/authz/index.ts"],"names":[],"mappings":";;;AAAA,+CAA2C;AAAnC,2GAAA,WAAW,OAAA;AACnB,iDAA4C;AAApC,4GAAA,WAAW,OAAA;AACnB,uDAAoD;AAA5C,oHAAA,gBAAgB,OAAA;AAExB,uEAAoE;AAA5D,oIAAA,wBAAwB,OAAA;AAChC,iFAAoE;AAA5D,oIAAA,mBAAmB,OAAA;AAC3B,qDAAkD;AAA1C,kHAAA,eAAe,OAAA;AACvB,mDAAgD;AAAxC,gHAAA,cAAc,OAAA;AACtB,qDAAkD;AAA1C,kHAAA,eAAe,OAAA;AACvB,mDAAgD;AAAxC,gHAAA,cAAc,OAAA"}

package/dist/authz/isOwnerOrThrow.d.ts

@@ -0,0 +1,2 @@
+import { Logger } from "@nestjs/common";
+export declare function isOwnerOrThrow(itemOwnerUuid: string, currentUserUuid: string, attemptedAction: string, logger?: Logger): void;

package/dist/authz/isOwnerOrThrow.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isOwnerOrThrow = void 0;
+const common_1 = require("@nestjs/common");
+function isOwnerOrThrow(itemOwnerUuid, currentUserUuid, 
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+attemptedAction, logger) {
+    if (itemOwnerUuid !== currentUserUuid) {
+        if (logger) {
+            logger.warn({
+                currentUserUuid,
+                itemOwnerUuid,
+                attemptedAction,
+            }, `Attempted to modify record for another user`);
+        }
+        throw new common_1.UnauthorizedException();
+    }
+}
+exports.isOwnerOrThrow = isOwnerOrThrow;
+//# sourceMappingURL=isOwnerOrThrow.js.map

package/dist/authz/isOwnerOrThrow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"isOwnerOrThrow.js","sourceRoot":"","sources":["../../src/authz/isOwnerOrThrow.ts"],"names":[],"mappings":";;;AAAA,2CAA6D;AAE7D,SAAgB,cAAc,CAC1B,aAAqB,EACrB,eAAuB;AACvB,6DAA6D;AAC7D,eAAuB,EACvB,MAAe;IAEf,IAAI,aAAa,KAAK,eAAe,EAAE;QACnC,IAAI,MAAM,EAAE;YACR,MAAM,CAAC,IAAI,CACP;gBACI,eAAe;gBACf,aAAa;gBACb,eAAe;aAClB,EACD,6CAA6C,CAChD,CAAC;SACL;QACD,MAAM,IAAI,8BAAqB,EAAE,CAAC;KACrC;AACL,CAAC;AApBD,wCAoBC"}

package/dist/index.d.ts

@@ -21,5 +21,6 @@ export * from "./organisation-subscriptions/index";
 export * from "./organisation/index";
 export * from "./authz/index";
 export * from "./invitations/index";
-export * from "./person-internal/index";
-export * from "./person-external/index";
+export * from "./user-internal/index";
+export * from "./user-external/index";
+export * from "./user-api-key/index";

package/dist/index.js

@@ -54,6 +54,7 @@ __exportStar(require("./organisation-subscriptions/index"), exports);
 __exportStar(require("./organisation/index"), exports);
 __exportStar(require("./authz/index"), exports);
 __exportStar(require("./invitations/index"), exports);
-__exportStar(require("./person-internal/index"), exports);
-__exportStar(require("./person-external/index"), exports);
+__exportStar(require("./user-internal/index"), exports);
+__exportStar(require("./user-external/index"), exports);
+__exportStar(require("./user-api-key/index"), exports);
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,+CAA+C;AAC/C,8FAAwF;AAgCpF,yGAhCI,oDAAwB,OAgCJ;AA/B5B,oFAA6E;AA6BzE,qGA7BI,6CAAoB,OA6BJ;AA5BxB,2FAAmF;AAiB/E,sGAjBI,gDAAqB,OAiBJ;AAhBzB,mDAA+C;AA4B3C,gGA5BI,gCAAe,OA4BJ;AA3BnB,iGAA4F;AAsBxF,8GAtBI,6DAA6B,OAsBJ;AArBjC,qFAAgF;AAa5E,yGAbI,mDAAwB,OAaJ;AAZ5B,yFAAmF;AAiBrD,+FAjBtB,gDAAsB,OAiBc;AAhB5C,mHAA8G;AAiBlE,6GAjBpC,2EAAoC,OAiB4B;AAhBxE,mFAA6E;AAmBzE,qGAnBI,4CAAoB,OAmBJ;AAlBxB,6GAAwG;AAmBpG,mHAnBI,uEAAkC,OAmBJ;AAlBtC,mFAAyE;AAerE,gGAfI,sCAAe,OAeJ;AAdnB,gEAAsD;AASlD,2FATI,4BAAU,OASJ;AARd,sDAAiD;AAU7C,2FAVI,uBAAU,OAUJ;AATd,6FAAsF;AAgBlF,qGAhBI,6CAAoB,OAgBJ;AAfxB,uEAAiE;AAO7D,iGAPI,oCAAgB,OAOJ;AANpB,8EAAyE;AAkBrE,kGAlBI,qCAAiB,OAkBJ;AAGrB,wDAAsC;AACtC,mEAAiD;AACjD,qEAAmD;AACnD,uDAAqC;AACrC,gDAA8B;AAC9B,sDAAoC;AACpC,0DAAwC;AACxC,0DAAwC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,+CAA+C;AAC/C,8FAAwF;AAgCpF,yGAhCI,oDAAwB,OAgCJ;AA/B5B,oFAA6E;AA6BzE,qGA7BI,6CAAoB,OA6BJ;AA5BxB,2FAAmF;AAiB/E,sGAjBI,gDAAqB,OAiBJ;AAhBzB,mDAA+C;AA4B3C,gGA5BI,gCAAe,OA4BJ;AA3BnB,iGAA4F;AAsBxF,8GAtBI,6DAA6B,OAsBJ;AArBjC,qFAAgF;AAa5E,yGAbI,mDAAwB,OAaJ;AAZ5B,yFAAmF;AAiBrD,+FAjBtB,gDAAsB,OAiBc;AAhB5C,mHAA8G;AAiBlE,6GAjBpC,2EAAoC,OAiB4B;AAhBxE,mFAA6E;AAmBzE,qGAnBI,4CAAoB,OAmBJ;AAlBxB,6GAAwG;AAmBpG,mHAnBI,uEAAkC,OAmBJ;AAlBtC,mFAAyE;AAerE,gGAfI,sCAAe,OAeJ;AAdnB,gEAAsD;AASlD,2FATI,4BAAU,OASJ;AARd,sDAAiD;AAU7C,2FAVI,uBAAU,OAUJ;AATd,6FAAsF;AAgBlF,qGAhBI,6CAAoB,OAgBJ;AAfxB,uEAAiE;AAO7D,iGAPI,oCAAgB,OAOJ;AANpB,8EAAyE;AAkBrE,kGAlBI,qCAAiB,OAkBJ;AAGrB,wDAAsC;AACtC,mEAAiD;AACjD,qEAAmD;AACnD,uDAAqC;AACrC,gDAA8B;AAC9B,sDAAoC;AACpC,wDAAsC;AACtC,wDAAsC;AACtC,uDAAqC"}

package/dist/invitations/entities/invitation.entity.d.ts

@@ -1,4 +1,4 @@
-import { Organisation } from "../../organisation/entities/organisation.entity";
+import { OrganisationMembership } from "../../organisation-memberships/entities/organisation-membership.entity";
 export declare class Invitation {
     id: number;
     uuid: string;
@@ -7,8 +7,8 @@ export declare class Invitation {
     notificationSent: Date;
     expiresOn: Date;
     acceptedOn?: Date;
-    organisation: Organisation;
-    organisationId: Organisation;
+    organisationMembership: OrganisationMembership;
+    organisationMembershipId: number;
     createdDate: Date;
     updateDate: Date;
     deletedDate?: Date;

package/dist/invitations/entities/invitation.entity.js

@@ -11,8 +11,9 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Invitation = void 0;
 const swagger_1 = require("@nestjs/swagger");
+const class_transformer_1 = require("class-transformer");
 const typeorm_1 = require("typeorm");
-const organisation_entity_1 = require("../../organisation/entities/organisation.entity");
+const organisation_membership_entity_1 = require("../../organisation-memberships/entities/organisation-membership.entity");
 let Invitation = class Invitation {
     id;
     uuid;
@@ -21,8 +22,8 @@ let Invitation = class Invitation {
     notificationSent;
     expiresOn;
     acceptedOn;
-    organisation;
-    organisationId;
+    organisationMembership;
+    organisationMembershipId;
     createdDate;
     updateDate;
     deletedDate;
@@ -68,14 +69,15 @@ __decorate([
 ], Invitation.prototype, "acceptedOn", void 0);
 __decorate([
     (0, swagger_1.ApiProperty)(),
-    (0, typeorm_1.ManyToOne)(() => organisation_entity_1.Organisation, {}),
-    __metadata("design:type", organisation_entity_1.Organisation)
-], Invitation.prototype, "organisation", void 0);
+    (0, class_transformer_1.Type)(() => organisation_membership_entity_1.OrganisationMembership),
+    (0, typeorm_1.OneToOne)(() => organisation_membership_entity_1.OrganisationMembership, { eager: true }),
+    __metadata("design:type", organisation_membership_entity_1.OrganisationMembership)
+], Invitation.prototype, "organisationMembership", void 0);
 __decorate([
     (0, swagger_1.ApiProperty)(),
-    (0, typeorm_1.RelationId)((invitation) => invitation.organisation),
-    __metadata("design:type", organisation_entity_1.Organisation)
-], Invitation.prototype, "organisationId", void 0);
+    (0, typeorm_1.RelationId)((invitation) => invitation.organisationMembership),
+    __metadata("design:type", Number)
+], Invitation.prototype, "organisationMembershipId", void 0);
 __decorate([
     (0, typeorm_1.CreateDateColumn)(),
     (0, swagger_1.ApiProperty)(),

package/dist/invitations/entities/invitation.entity.js.map

@@ -1 +1 @@
-{"version":3,"file":"invitation.entity.js","sourceRoot":"","sources":["../../../src/invitations/entities/invitation.entity.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAAiE;AAEjE,qCAUiB;AACjB,yFAA6E;AAGtE,IAAM,UAAU,GAAhB,MAAM,UAAU;IAGnB,EAAE,CAAU;IAQL,IAAI,CAAU;IAIrB,SAAS,CAAU;IAInB,YAAY,CAAU;IAItB,gBAAgB,CAAQ;IAIxB,SAAS,CAAQ;IAIjB,UAAU,CAAQ;IAIlB,YAAY,CAAgB;IAI5B,cAAc,CAAgB;IAI9B,WAAW,CAAQ;IAInB,UAAU,CAAQ;IAIlB,WAAW,CAAQ;CACtB,CAAA;AAnDG;IAAC,IAAA,gCAAsB,GAAE;IACxB,IAAA,qBAAW,GAAE;;sCACF;AAEZ;IAAC,IAAA,gBAAM,EAAC,MAAM,EAAE;QACZ,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,GAAG,EAAE,CAAC,oBAAoB;KACtC,CAAC;IACD,IAAA,mBAAS,EAAC,MAAM,CAAC;IACjB,IAAA,qBAAW,GAAE;;wCACO;AAErB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,qBAAW,GAAE;;6CACK;AAEnB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,qBAAW,GAAE;;gDACQ;AAEtB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,qBAAW,GAAE;8BACK,IAAI;oDAAC;AAExB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,qBAAW,GAAE;8BACF,IAAI;6CAAC;AAEjB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,6BAAmB,GAAE;8BACT,IAAI;8CAAC;AAElB;IAAC,IAAA,qBAAW,GAAE;IACb,IAAA,mBAAS,EAAC,GAAG,EAAE,CAAC,kCAAY,EAAE,EAAE,CAAC;8BACnB,kCAAY;gDAAC;AAE5B;IAAC,IAAA,qBAAW,GAAE;IACb,IAAA,oBAAU,EAAC,CAAC,UAAsB,EAAE,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC;8BAC/C,kCAAY;kDAAC;AAE9B;IAAC,IAAA,0BAAgB,GAAE;IAClB,IAAA,qBAAW,GAAE;8BACA,IAAI;+CAAC;AAEnB;IAAC,IAAA,0BAAgB,GAAE;IAClB,IAAA,qBAAW,GAAE;8BACD,IAAI;8CAAC;AAElB;IAAC,IAAA,0BAAgB,GAAE;IAClB,IAAA,6BAAmB,GAAE;8BACR,IAAI;+CAAC;AAnDV,UAAU;IADtB,IAAA,gBAAM,GAAE;GACI,UAAU,CAoDtB;AApDY,gCAAU"}
+{"version":3,"file":"invitation.entity.js","sourceRoot":"","sources":["../../../src/invitations/entities/invitation.entity.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAAiE;AACjE,yDAAuC;AAEvC,qCAUiB;AACjB,2HAA8G;AAGvG,IAAM,UAAU,GAAhB,MAAM,UAAU;IAGnB,EAAE,CAAU;IAQL,IAAI,CAAU;IAIrB,SAAS,CAAU;IAInB,YAAY,CAAU;IAItB,gBAAgB,CAAQ;IAIxB,SAAS,CAAQ;IAIjB,UAAU,CAAQ;IAKlB,sBAAsB,CAA0B;IAIhD,wBAAwB,CAAU;IAIlC,WAAW,CAAQ;IAInB,UAAU,CAAQ;IAIlB,WAAW,CAAQ;CACtB,CAAA;AApDG;IAAC,IAAA,gCAAsB,GAAE;IACxB,IAAA,qBAAW,GAAE;;sCACF;AAEZ;IAAC,IAAA,gBAAM,EAAC,MAAM,EAAE;QACZ,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,GAAG,EAAE,CAAC,oBAAoB;KACtC,CAAC;IACD,IAAA,mBAAS,EAAC,MAAM,CAAC;IACjB,IAAA,qBAAW,GAAE;;wCACO;AAErB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,qBAAW,GAAE;;6CACK;AAEnB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,qBAAW,GAAE;;gDACQ;AAEtB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,qBAAW,GAAE;8BACK,IAAI;oDAAC;AAExB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,qBAAW,GAAE;8BACF,IAAI;6CAAC;AAEjB;IAAC,IAAA,gBAAM,GAAE;IACR,IAAA,6BAAmB,GAAE;8BACT,IAAI;8CAAC;AAElB;IAAC,IAAA,qBAAW,GAAE;IACb,IAAA,wBAAI,EAAC,GAAG,EAAE,CAAC,uDAAsB,CAAC;IAClC,IAAA,kBAAQ,EAAC,GAAG,EAAE,CAAC,uDAAsB,EAAE,EAAC,KAAK,EAAE,IAAI,EAAC,CAAC;8BAC7B,uDAAsB;0DAAC;AAEhD;IAAC,IAAA,qBAAW,GAAE;IACb,IAAA,oBAAU,EAAC,CAAC,UAAsB,EAAE,EAAE,CAAC,UAAU,CAAC,sBAAsB,CAAC;;4DACxC;AAElC;IAAC,IAAA,0BAAgB,GAAE;IAClB,IAAA,qBAAW,GAAE;8BACA,IAAI;+CAAC;AAEnB;IAAC,IAAA,0BAAgB,GAAE;IAClB,IAAA,qBAAW,GAAE;8BACD,IAAI;8CAAC;AAElB;IAAC,IAAA,0BAAgB,GAAE;IAClB,IAAA,6BAAmB,GAAE;8BACR,IAAI;+CAAC;AApDV,UAAU;IADtB,IAAA,gBAAM,GAAE;GACI,UAAU,CAqDtB;AArDY,gCAAU"}

package/dist/invitations/invitation.module.js

@@ -20,14 +20,15 @@ const organisation_module_1 = require("../organisation/organisation.module");
 const config_1 = require("@nestjs/config");
 const InvitationConfigurationVariables_1 = __importDefault(require("./InvitationConfigurationVariables"));
 const InvitationConfigurationService_1 = require("./InvitationConfigurationService");
-const organisation_entity_1 = require("../organisation/entities/organisation.entity");
+const organisation_membership_entity_1 = require("../organisation-memberships/entities/organisation-membership.entity");
+const user_internal_1 = require("../user-internal");
 let InvitationModule = class InvitationModule {
 };
 InvitationModule = __decorate([
     (0, common_1.Module)({
         imports: [
             config_1.ConfigModule.forFeature(InvitationConfigurationVariables_1.default),
-            typeorm_1.TypeOrmModule.forFeature([invitation_entity_1.Invitation, organisation_entity_1.Organisation]),
+            typeorm_1.TypeOrmModule.forFeature([invitation_entity_1.Invitation, organisation_membership_entity_1.OrganisationMembership, user_internal_1.User]),
             smtp_email_client_module_1.SmtpEmailClientModule,
             organisation_module_1.OrganisationModule,
         ],